January 16, 2019

Attribution of Major Cyber-attacks Has Become Mainstream

To fight a cyber-attack or cyber terrorist you must have John McClane in the ‘Live Free or Die Hard’ movie at hand. Luckily this is not the case in real life.

Today attribution of cyber-attacks is reality while the same rules and laws apply to the cyberspace as for the physical world, argued Stanislav Secrieru, Senior Analyst at EUISS and two of the co-authors of the Chaillot Papers collection of articles “Hacks, leaks and disruptions – Russian cyber strategies” Piret Pernik and Siim Alatalu, Strategy Branch Researcher at NATO CCDCOE. The discussion was moderated by Sven Sakkov, Director of the ICDS.

Russian cyber threat is not new according to the experts. It was first designed as a tool to suppress domestic political opposition and later transformed into a foreign policy tool.

Estonia experienced a major cyber-attack back in 2007, which likely helped to secure the hosting of the NATO CCDCOE in Tallinn, and contributed to advancing the Estonian foreign policy goal of strengthening integration into EU and NATO. Since then Estonia is widely recognised for its expertise on cyber security and defence.

The cyber-attacks are very costly and can cause a lot of damage, even human casualties, if they are targeted at critical infrastructure, a power plant for example. But it is more difficult for Russia to act since their strategies are well known and observed.

Still, the intruders are very consistent. According to Sakkov Russia will go as long as they are allowed to: “Naming and shaming does not work on those who do not feel shame.”

The Chaillot Papers report explores how Russia’s increasingly assertive behaviour in cyberspace has lent new urgency to the debate about cybersecurity in the West. It focuses on what lessons EU member states have learned from recent events, and on how the EU and NATO have responded to these cyber challenges on the diplomatic, political and security fronts.

The paper argues that Russia’s aggressive use of cyber tools has led the US and many Europeans states to adopt more defensive cyber strategies, and that as a result Russia may have lost the strategic advantage it has hitherto enjoyed in what is becoming an ever-more contested domain.